Relying Party SAML 2 Attribute Query Profile Configuration

This profile configuration enables and configures the SAML 2 Attribute Query profile.

Basic Configuration

This profile is configured by adding the <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" /> element to a RelyingParty definition.

Example SAML2 Attribute Query Profile Configuration

Advanced Configuration

The SAML2 Attribute Query profile configuration supports the following advanced configuration attributes:

• outboundArtifactType - Default artifact type used when sending responses via artifact, defaults to 4

• assertionLifetime - The lifetime, in milliseconds, for issued assertions, defaults to 300000 (5 minutes)

• assertionProxyCount - A non-negative integer used to populate the Count attribute in the assertion's ProxyRestriction element, defaults to 0.

• includeConditionsNotBefore - (V2.4.0+) Include a NotBefore timestamp in the assertions' validity conditions, defaults to true

• signResponses - see Configuring XML Signature and Encryption

• signAssertions - see Configuring XML Signature and Encryption

• signRequests - see Configuring XML Signature and Encryption

• encryptAssertions - see Configuring XML Signature and Encryption

• encryptNameIds - see Configuring XML Signature and Encryption

In addition, the SAML 2 Attribute Query profile configuration element supports two child elements.

• <Audience>, whose content is used to populate the <Audience> elements of <AudienceRestriction> element. This element may appear any number of times, one for each audience.

• <ProxyAudience>, whose content is used to populate the <Audience> elements of the <ProxyRestriction> condition element. This element may appear any number of times, one for each audience.